Archiving or continued operation?
Many companies have completed the first stage of their transformation - productive systems have been migrated, and new workloads established. Yet few discuss what remains: legacy systems that cannot simply be shut down or deleted, often due to compliance requirements, auditing obligations, or simply because no one is entirely sure what is still needed.
Decisions about what to do with these systems are often made too late - or based on assumptions that no longer match your actual system landscape.
This article helps you make a structured decision: is a data archiving sufficient, or do you need functional retention with a hardened standby operation and on-demand online access windows?
Why archiving alone is rarely enough - and which 5 questions you should ask yourself instead
1) What auditing obligations apply to my company – both now and in the future?
The first question is: “To what extent do the data in my legacy systems still carry legal relevance?” Not every SAP system can simply be shut down or exported. In many cases, auditors and regulators require not only access to the data itself, but also to the contextual processing of that data within a functioning application. This is especially true for companies in industries such as finance, pharmaceuticals, or those with international subsidiaries, where strict regulations apply (e.g., GoBD, GDPR, FDA 21 CFR Part 11).
Your transformation history also matters: Were data truncated during migration? Were entire modules decommissioned or just outsourced? Depending on the scenario, you must be able to review, export, or even validate legacy data in the original system.
In short: Only if you know what you must be able to demonstrate can you decide how - and in what form - you need to keep data accessible.
2) How secure and maintainable are my current legacy systems, really?
Many companies that still need access simply continue running their legacy environments. While this may seem like a pragmatic solution, it quickly becomes risky when the hardware is outdated or virtual machines are no longer maintained. This creates security gaps and technical risks—ranging from data loss to increased vulnerability to attacks. At the same time, keeping these systems running consumes resources that are neither economically nor strategically well invested.
Even pure archiving solutions are not necessarily secure: they offer no protection against outdated export procedures, incomplete documentation, or technical incompatibility.
In practice, we see this again and again: companies believe their legacy environments are “dormant systems.” In reality, they are highly vulnerable unless they are deliberately secured and properly isolated.
3) In the event of an audit: Are my archived data audit-proof?
In audits, the focus is on the integrity of your data and the traceability of processes. The key question is whether archived data are fully documented and available at any time in the required format.
Audit-proof archiving therefore means more than simply storing data. It requires clearly defined access processes, role-based permissions, continuous monitoring, and a documented system function. Without these components, inconsistencies can arise that may become critical during an audit.
In short: Make sure you can carry out your start/stop processes in a controlled, audit-compliant way.
4) What makes the most economic sense: archiving, continuing operations, or a standby solution?
What are the cost drivers in your chosen scenario? Each option comes with its own set of expenses - some obvious, others hidden.
- Keeping legacy systems running generates ongoing costs: infrastructure, maintenance contracts, licenses, security, patching, and often-overlooked operational expenses such as energy consumption and cooling. Unexpected emergency interventions can also add up - making this approach the least advisable. Instead, a structured decommissioning or a controlled standby solution is usually the smarter and more economical alternative.
- Archiving may seem like the cheapest option at first glance, but in reality it can become costly, especially if access to contextual data is missing or if external audits require system functionality that an archive alone can’t deliver.
- Standby solutions, where systems remain inactive but can be brought online when needed, often strike a more practical balance. If only a few well-defined online access windows are required per year, the advantages are clear: lower operating costs, fewer security risks, and the elimination of technical debt.
Which option is the most cost-effective ultimately depends on your usage scenario, compliance requirements, and internal resources. Considering all of these aspects will help you identify the approach that is not only technically feasible, but also financially sustainable.
5) How do operating costs for a legacy system evolve over its lifetime?
Over time, the costs of running a legacy system inevitably rise.
- Compatible hardware is gradually replaced by newer components with altered specifications. Modern infrastructure is often not officially supported for older systems, since it’s not economically viable for vendors to test every possible hardware and software combination. As a result, compatibility certifications are usually limited to current technologies. Updating an old system to ensure its compatibility and availability for potential access or audits brings additional costs.
- Legacy software often falls out of maintenance cycles during the retention period. After that, it may no longer be supported at all - or only through costly, case-by-case maintenance contracts.
- The longer an SAP legacy system remains in place, the harder and more expensive it becomes to retain or re-acquire the necessary operational expertise within the company.
However securing legacy systems can be managed efficiently in modern environments such as Azure—using bastion hosts, segmented networks, or automated start/stop routines—without tying up continuous resources.
Summary:
Whether opting for archiving, continued operation, or standby retention, the right choice depends on your compliance obligations, how frequently you need access to legacy systems, and what makes sense financially in the long run. The key is to evaluate your options early in the transformation project and to realistically assess both the risks and the hidden costs of legacy systems. Our experience shows that in many cases where compliance requirements apply, a standby retention solution offers the best balance of security, flexibility, and efficiency. We’d be happy to advise you on the right strategy for your organization—and support you in putting it into practice. Get in touch with us below!
